CVE-2019-5802

{"id": "CVE-2019-5802", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-05-23T20:29:01.247", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", "source": "chrome-cve-admin@google.com"}, {"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html", "source": "chrome-cve-admin@google.com"}, {"url": "https://crbug.com/632514", "source": "chrome-cve-admin@google.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://crbug.com/632514", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page."}, {"lang": "es", "value": "El manejo inadecuado de los or\u00edgenes de descarga en Navigation en Google Chrome antes de la versi\u00f3n 73.0.3683.75, permiti\u00f3 que un atacante remoto ejecutara una suplantaci\u00f3n de dominios por medio de una p\u00e1gina HTML creada."}], "lastModified": "2024-11-21T04:45:31.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6", "versionEndExcluding": "73.0.3683.75"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD"}, {"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3"}], "operator": "OR"}]}], "sourceIdentifier": "chrome-cve-admin@google.com"}